Intrinsic Imaging, LLC respects individual privacy and values the confidence of their customers, employees, consumers, business partners and others. Intrinsic Imaging strives to collect, use and disclose personal information in a manner consistent with the laws of the countries in which they do business, and pride themselves on upholding the highest ethical standards in their business practices.

This Privacy Policy sets forth the privacy principles that Intrinsic Imaging follows with respect to personal information transferred from the European Union (EU) or Switzerland to the United States.

PRIVACY SHIELD

Intrinsic Imaging has certified its adherence to, and complies with, the E.U.-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce, with respect to the collection, use, and retention of personal information transferred from the European Union or Switzerland to the United States. For additional information about the E.U.-U.S. Privacy Shield and Switzerland-U.S. Privacy Shield, or to view Privacy Shield certifications of Intrinsic Imaging on file with the U.S. Department of Commerce, please visit https://www.privacyshield.gov

SCOPE

Intrinsic Imaging has filed certifications with the U.S. Department of Commerce confirming their adherence to the Privacy Shield framework for E.U. and Switzerland personal information transferred to the U.S., in relation to clinical research, patients, human resources, customers or suppliers. Intrinsic Imaging limits its collection, processing and storage of personal information to situations where they have a legitimate business interest in the information.

This Policy applies to all personal information received by Intrinsic Imaging in the United States from the European Economic Area or Switzerland, in any format including electronic, paper or verbal.

DEFINITIONS

For purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, Intrinsic Imaging or to which Intrinsic Imaging disclose personal information for use on their behalf.

“Personal information” means any information or set of information that identifies or is used by or on behalf of Intrinsic Imaging to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.

“Sensitive personal information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health. In addition, Intrinsic Imaging will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.

“The Company” means Intrinsic Imaging and their respective successors, subsidiaries, divisions and groups in the United States.

PRIVACY PRINCIPLES

The privacy principles in this Policy are based on the Privacy Shield Principles.

1 – NOTICE

If Intrinsic Imaging collects personal information directly from individuals, Intrinsic Imaging will inform the individuals about the purposes for which it collects and uses information about them, how to contact the organization with any inquiries or complaints, the types of third parties to which it discloses the information, and the choices and means the organization offers individuals for limiting its use and disclosure. This notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to the organization or as soon thereafter as is practicable, but in any event before the organization uses such information for a purpose other than that for which it was originally collected or processed by the transferring organization or discloses it for the first time to a third party.

2 – CHOICE

If Intrinsic Imaging collects personal information directly from individuals, Intrinsic Imaging will offer individuals the opportunity to choose (opt out) whether their personal information is (a) to be disclosed to a third party or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals must be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. For sensitive information (i.e. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), they must be given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt in choice. In any case, an organization should treat as sensitive any information received from a third party where the third party treats and identifies it as sensitive.

3 – ACCOUNTABILITY FOR ONWARD TRANSFER

If Intrinsic Imaging acts as third party and is transferred personal information of individuals from Sponsors, Intrinsic Imaging agrees to provide at least the same level of privacy protection as is required by the relevant Principles. Further, if Intrinsic Imaging wishes to transfer personal information to a third party that is acting as an agent, it will do so after if it first either ascertains that the third party subscribes to the Principles or is subject to the Directive or another adequacy finding or enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant Principles. If Intrinsic Imaging complies with these requirements, it shall not be held responsible when a third party to which it transfers such information processes it in a way contrary to any restrictions or representations, unless Intrinsic Imaging knew or should have known the third party would process it in such a contrary way and Intrinsic Imaging had not taken reasonable steps to prevent or stop such processing.

4 – SECURITY

If Intrinsic Imaging creates, maintains, uses or disseminates personal information, it will take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.

5 – DATA INTEGRITY AND PURPOSE LIMITATION

Consistent with the Principles, personal information must be relevant for the purposes for which it is to be used. Intrinsic Imaging will not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, Intrinsic Imaging will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

6 – ACCESS

If Intrinsic Imaging collects personal information directly from individuals, Intrinsic Imaging will provide individuals access to personal information about them that Intrinsic Imaging holds and be able to correct, amend,or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

7 – RECOURSE, ENFORCEMENT AND LIABILITY

Effective privacy protection must include mechanisms for assuring compliance with the Principles, recourse for individuals to whom the data relate affected by non-compliance with the Principles, and consequences for the organization when the Principles are not followed. At a minimum, such mechanisms must include (a) readily available and affordable independent recourse mechanisms by which each individual’s complaints and disputes are investigated and resolved by reference to the Principles and damages awarded where the applicable law or private sector initiatives so provide; (b) follow up procedures for verifying that the attestations and assertions businesses make about their privacy practices are true and that privacy practices have been implemented as presented; and (c) obligations to remedy problems arising out of failure to comply with the Principles by organizations announcing their adherence to them and consequences for such organizations. Sanctions must be sufficiently rigorous to ensure compliance by organizations.

LIMITATION ON APPLICATION OF PRINCIPLES

Adherence by Intrinsic Imaging to these Privacy Shield Principles may be limited (a) to the extent required to respond to a legal or ethical obligation; and (b) to the extent expressly permitted by an applicable law, rule or regulation.